
Somewhat of a lacking analogy, since gasoline cars cannot be run on electricity just by "figuring out an e->g converter". X on Wayland is working pretty well in this day and age. Imagine what it could have been already, if Wayland actually had a team of dedicated developers as opposed to a few talents making it happen?

You weren't talking about running X on Wayland, you mentioned killing X with fire in one sentence and replacing it in the next. The trouble with putting more people on Wayland is that X development/maintenance would suffer; imagine being told (of a bug in X): "We're not fixing that, you need to leave X and run Wayland instead".


And using the exact same set of X libraries that we just fixed all these bugs in. You can't be rid of the X client libraries without being rid of every existing program using them. And for every X program in your distro's package repository there's dozens more you don't see, including a ton of custom apps behind closed doors, doing things like running major subway systems off Motif-based control GUIs.


Most of these issues stem from the client libraries trusting the server to send correct protocol data

That sounds like a terrible idea. I don't think anyone should trust that what the X server sends is good at this point...

The X.Org security team would like to take this opportunity to remind X client authors that current best practices suggest separating code that requires privileges from the GUI, to reduce the attack surface of issues like this.

Indeed. I really hope something can be done about making more widespread use of polkit, as opposed to visual sudos. Starting with YaST.


People have stuff to do with the computer. They don't want to know about security issues. That is not the reason they bought it.

Fixed that for you. Now go back to Windows, you deserve to have your machine compromised by exploits nobody knows about and even if they are known maybe Microsoft will fix them next Patch-Tuesday. Well, maybe not, but how should you know?


Hahaha! You don't get it, do you? Why would I fix those bugs? The moment Linux security turns out to be shit is the moment I'll go back to Windows. Me and a lot of people. Nobody will contribute. Just silently switch! And then you will probably understand why Windows is where it is and Linux is just a toy on the desktop.

So in other words you plan to switch from a platform with privilege elevation security problems to one with remote-code-execution security problems, one where their own software update system was exploited to send viruses? Brilliant move there.